Comments on “Google and eBay thwart phishing redirection ruse” • The Register

Comments on: Google and eBay thwart phishing redirection ruse

Back to the article
Comments on this article are now closed

security 101 #

By Iain Black Posted Wednesday 23rd January 2008 14:17 GMT

Was about to write.. this really is security 101... and then noticed that a page I wrote around 6 years ago has the same vunerability. Oops :-[ ]

But in my defence: 1- I now know better 2- I was only learning dynamic web pages at the time and 3- I was not a multi billion dollar company!!

Must go over 7 year old Perl code now...

Google redirection you say? #

By Anonymous Coward Posted Wednesday 23rd January 2008 14:27 GMT

http://www.google.com/search?q=%22paris+hilton%22&as_sitesearch=theregister.co.uk&btnI

If you're inventive with the q and as_sitesearch parameters you can have hours of fun. People see a Google query and don't think to check for the site.

30 Second Effective Fix. #

By Edward Pearson Posted Wednesday 23rd January 2008 14:38 GMT

99% of these redirect scripts can be secured through the use of a referrer check.

Have they really cleaned up their act? #

By Anonymous Coward Posted Thursday 24th January 2008 08:01 GMT

Um well about 75% of the spam I get has has links referred to by AOL, MSN, Yahoo and, yes, still Google. news.google.tw seems to be the favourite. So I don't think Google has cleaned up its act at all; I think it is effectively supporting spammers (maybe not phishers though, but effectively they are all the same now). Appalling behaviour I'd say.